Have a cool product idea or improvement?

We'd love to hear about it! Click here to go to the product suggestion community

Sophos Management Service not starting

I installed SEC 550 on a Windows Server 2016 VM on a isolated network. At first I was not able to install SEC 550 while connected to the domain with local nor domain accounts, but when I disjoined it from the domain, it installed just fine and Enterprise Console came up with no problems. I rejoined the server to the domain and when I logged in, Sophos Management Service did not start automatically. I tried to start it manually and received the 0x8004005 error with a 8004 ID code in Event logs.

The following is what I have tried and what I know:

I tried:

- changed Sophos Database account password and also changed it in the Setup.exe installation

- disabled firewall

- checked if databases exists

- checked if databases were online

- checked if SIDs matched

- checked if database account had the correct permissions and in the correct groups.

- checked if GPO's were blocking account.

- uninstalled and reinstalled multiple times with same issue

- changed Sophos Management Service Log on as from Local System Account to database account

What I know:

- Sophos Management Service ONLY starts when NOT joined to domain

- Installed on Windows Server 2016

- Using local accounts

What is weird:

- A few months back, I installed SEC on Windows Server 2016 with the same EXACT settings, in the same OU, same GPOs, and Sophos Management Service starts successfully, so I am confused on that part also.

I figured it out and I don't know why it works this way, but this is what I did to make it work:

1. I had to install SEC without being connected to the domain, creating local users for the Database and Update Manager.

2. When I rejoin the server to the domain, the Sophos Management Service stops working. I have to disable 'Network Access: Do not allow storage of passwords and credentials for network authentication' GPO.

3. Then I rerun the setup.exe file from 'C:\sec_550\ServerInstaller' and modify my database account to a domain user account I created in Active Directory.

4. Once that was complete, I was able to start the service and run the Enterprise Console.

Now I have a new problem. I installed Sophos Client on another test Server 2016 server, I wasn't able to install it remotely from SEC, so I installed in manually from the SAVSCFXP directory. After installing it successfully, it gathered the latest definitions from SEC, but doesn't checkin to SEC saying that it is protected.